Advice needed for the following scenario

Hi guys,

I was given the following task by my boss and need some advice on how I can get it done.

Basically, my company wishes to control Internet access for the staff. The staff will only be allowed to access web content on any server that is outside of the organisation using ports (80) and SSL (443). Access to all web servers is fine internally. All transactions have to be logged on the proxy and associated with a user. To achieve this, my company will need to commission an HTTP/HTTPS proxy. My company also uses Active Directory for authentication purposes.

I am given a Linux machine to work with. What software solutions can I use to satisfy this requirement? Is there any need for a policy? What other technical changes will I need to make to the client systems, server or the network to enforce this?

Company should be purchasing a hardware firewall with content filtering and reporting. Sonicwall is a product I use.

The fact that they are giving you a Linux box with no information on what to set up or how to set it up mystifies me as to their intentions.

Squid is the product my Linux brother uses for internet control on a Linux box. Iptables won't do it for you.

http://www.skullbox.net/squid.php

Hi wanderer2,

Thanks for the advice. I think the Linux box could have been given to me to be set up as the proxy server. Anyway, for Squid, do I just install it on my Linux box itself, or do I install it on every machine, including the client machines and server?

Also, I realised that Squid supports content filtering and reporting too. So, for this case, should I use the filtering and reporting functions of the firewall or those provided by Squid instead?

A proxy isn't on the workstation. Wkst just points to it, which in this case is your Linux server.

Might post your question about Linux and Squid in the Linux forum. What I know of Linux would rattle around in a walnut shell.

No, I don't, but I might be requesting one if that is necessary. However, from what I know, Squid can also do content filtering and reporting, which is why I need to know whether an additional firewall is necessary in this case.
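
An added example, not part of the thread: a squid.conf fragment covering the requirements in the first post (external web access on ports 80 and 443 only, Active Directory authentication, every request logged against a user). The Kerberos helper path, service principal, client subnet and log format name are assumptions to adapt, and internal web servers are assumed to be reached directly through a client proxy bypass list.

```conf
# Added example; helper path, principal, subnet and log path are assumptions.

# Authenticate against Active Directory with Kerberos (Negotiate).
# The proxy needs a keytab for its HTTP/ service principal before this works.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.internal@EXAMPLE.INTERNAL
auth_param negotiate children 20
auth_param negotiate keep_alive on

# Who may use the proxy, and which destination ports are permitted.
acl localnet   src 10.0.0.0/8        # assumed internal client range
acl Safe_ports port 80 443           # plain HTTP and HTTPS only
acl SSL_ports  port 443              # CONNECT tunnels limited to 443
acl CONNECT    method CONNECT
acl ad_users   proxy_auth REQUIRED   # any successfully authenticated AD user

# Order matters: first matching rule wins.
http_access deny !localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ad_users
http_access deny all

# Port the client browsers point at.
http_port 3128

# One line per request: local time, client IP, authenticated user,
# method, URL, HTTP status, bytes sent to the client.
logformat peruser %tl %>a %un %rm %ru %>Hs %<st
access_log /var/log/squid/access.log peruser
```

Squid only controls traffic that is sent to it, so the perimeter firewall has to allow outbound 80/443 from the proxy's address alone; otherwise clients can reach the Internet directly and nothing is logged.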